1. Field of the Invention
The present invention relates to computer networks, and more particularly to a network abstraction and isolation layer (NAIL) that provides abstraction and/or isolation to isolate machine identity of one or more computers in a network system.
2. Description of the Related Art
Computer systems are often designed or otherwise optimized for a particular operating system (OS) and/or specific application programs. There is a need in the industry, however, to break the traditional tie between a specific machine and a particular OS, and to build computers that are less application-specific than the traditional models. In many instances, for example, there is a need to provide a generic or general purpose server system and to replicate that system on an as-needed basis. Or a library of pre-configured server types may be designed, each configured according to a particular set of functions. It is further desired to be able to replicate an existing server on the fly and use multiple clones of the server in the same network environment. Such on-demand replication would be advantageous to handle pre-specified demands or loads, or in response to an increased demand in a given network. For example, on-demand replication would enable a system administrator or an application manager to quickly and/or automatically recruit additional “boxes” to increase overall computing capacity, such as hot-plugging one or more new servers into the network.
An inherent problem with computer system replication for use in the same network is that one or more of the unique network identifiers are also replicated. There are several unique system identifiers for a computer system that give each machine a unique identity, including a Media Access Control (MAC) address, an Internet Protocol (IP) address, a machine name (MN), and for many computers an additional system or security identifier (SID) (e.g., a system security identifier or SSID for Windows®-based machines). Another unique identifier is the Domain Name Service (DNS) Name. The IP and MAC addresses are OS-universal, whereas the MN, SID and DNS Name identifiers are typically OS and/or application specific. The MAC address is typically burned into a memory device upon manufacture and tied to a single network port, such as implemented on a network interface card (NIC). The MAC and IP addresses are often used to enable communications between devices on a network, such as, for example, TCP/IP communications. The IP and MAC addresses can be particularly problematic since either or both can be embedded within certain application programs. An embedded network identifier imposes a problem for on-the-fly replication since it would otherwise have to be modified to prevent an identification conflict in a given network.
There is a system preparation tool from Microsoft® called SysPrep that enables a new server system to be created based on an existing server system. For example, if a machine is loaded with a selected operating system, such as, for example, Windows® 2000, referred to as a “Win2K” system, then the SysPrep tool may be used to create a second, duplicate Win2K system on a different hardware setup. The unique system identifiers are changed on the new system to give it a unique identity.
The SysPrep tool is useful for manufacturers to create new servers from an existing server profile, but only prior to loading software applications. Once particular software applications have been loaded, the SysPrep tool is not useful for on-demand replication of the server for use in the same network since many applications embed one or more of the unique system identifiers. The software applications are instead loaded and configured after the SysPrep tool is used. The amount of time necessary to load and configure application programs is prohibitive for on-demand or hot-plug applications.
An on-demand replication capability is particularly advantageous for use with virtual servers. Virtualization technology enables multiple logical servers to operate on a single physical computer. A logical server may originate as a set of files that may be assembled and activated. Virtual servers suffer from the same problem as their physical counterparts. Although some unique system identifiers may be readily modified after duplication, any identifiers embedded within any application programs must be located and changed. Otherwise, the replicated system is useless in the same networking environment as the original server. Although replication may work for some system configurations, it will not work for all configurations and is therefore not an elegant solution.
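As an added illustration of the identifier problem described above (this code is not part of the patent text), the following Python checks an inventory of cloned hosts for duplicated MAC, IP, machine name and SID values, and scans a clone's application configuration for identifiers of the original machine that were left embedded; the host records and configuration text are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed inventory: an original server, a raw clone of it, and a clone
# whose identifiers were changed after duplication.
HOSTS = [
    {"name": "web01", "mac": "00:11:22:33:44:55", "ip": "10.0.0.10", "sid": "S-1-5-21-1000"},
    {"name": "web01", "mac": "00:11:22:33:44:55", "ip": "10.0.0.10", "sid": "S-1-5-21-1000"},
    {"name": "web02", "mac": "00:11:22:33:44:66", "ip": "10.0.0.11", "sid": "S-1-5-21-2000"},
]

# Constructed application config copied verbatim from the original server.
APP_CONFIG = """\
[server]
listen = 10.0.0.10:8080
node_name = web01.example.com
license_mac = 00:11:22:33:44:55
peer = 10.0.0.100
"""

def find_collisions(hosts):
    """Return {kind: {value: [host indexes]}} for each identifier value shared by two or more hosts."""
    seen = {kind: defaultdict(list) for kind in ("name", "mac", "ip", "sid")}
    for idx, host in enumerate(hosts):
        for kind in seen:
            seen[kind][host[kind].lower()].append(idx)   # case-insensitive comparison
    return {kind: {value: ids for value, ids in values.items() if len(ids) > 1}
            for kind, values in seen.items()}

def find_embedded(config_text, original):
    """Count occurrences of each of the original host's identifiers inside a config text.

    Boundaries stop '10.0.0.10' from matching inside '10.0.0.100' while still
    matching 'host:port' and 'name.domain' forms.
    """
    hits = {}
    for kind, value in original.items():
        pattern = r"(?<![\w.])" + re.escape(value) + r"(?!\w)"
        count = len(re.findall(pattern, config_text, flags=re.IGNORECASE))
        if count:
            hits[kind] = count
    return hits

if __name__ == "__main__":
    print("collisions:", find_collisions(HOSTS))
    print("embedded identifiers of original host:", find_embedded(APP_CONFIG, HOSTS[0]))
```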
The replication problem illustrates a broader problem of network identity control. Embedded network identifiers make it very difficult to enable a computer system to communicate in the network without identification conflicts. Even if computers are not replicated, there are other situations and applications in which it may be desired to alter or otherwise isolate a computer in a network and to enable that computer to communicate in the network, such as server or application farms, cluster failover, re-routing functionality, virtual local area networks (VLANs), network traffic filtering, disaster recovery, etc. It is desired to provide complete control of network identity in a network while avoiding potential identification conflicts between computers.